CVE-2013-4288
Published: 18 September 2013
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.
Priority
Status
Package | Release | Status |
---|---|---|
policykit-1 Launchpad, Ubuntu, Debian |
lucid |
Released
(0.96-2ubuntu0.2)
|
precise |
Released
(0.104-1ubuntu1.1)
|
|
quantal |
Released
(0.104-2ubuntu1.1)
|
|
raring |
Released
(0.105-1ubuntu1.1)
|
|
upstream |
Needs triage
|